Channel Register

Phishing worm hooks MySpace users

Zango and cash

Free whitepaper – Essential archive requirements for eDiscovery

In Brief A worm exploiting Javascript support within Apple's embedded QuickTime player has spread across the MySpace network.

The worm is being used in conjunction with a MySpace vulnerability recently reported on a security mailing list to replace legitimate links on a user's MySpace profile with links pointing towards a phishing site. The attack attempts to trick users into handing over MySpace login credentials and to trick users into visiting a pornographic website contaminated with Zango adware, FaceTime Security reports.

Once a user's MySpace profile is infected (which happens when they view a malicious embedded QuickTime video) their links are doctored and a copy of the malicious QuickTime video is embedded into the user's site, web security firm WebSense said. Other users who visit an infected profile may then pass on the infection.

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, it adds. ®

Free whitepaper – Five essential considerations for Exchange 2007 implementations

Don’t Miss

Pirates ahoy!Sign up, sign up for The Register IT security newsletter

Narrowcasting for the email classes

SunFormer top Sun exec mourns end of a franchise

Watermelons, Elton John, and killing SGI

HTC Touch Diamond 2Win an HTC Touch Diamond2!

Reg Lucky Draw Last call for iPhone botherer promo

thumbs down teaser 75Disties braced for autumn reseller collapses

Is that why they call it fall?